vercel-react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or data exfiltration vectors were identified in the analyzed content. The skill is purely documentation-based.
- [Metadata] (SAFE): The author is identified as 'vercel', which is a trusted organization. The metadata accurately describes the skill's purpose as a set of performance guidelines.
- [Indirect Prompt Injection] (LOW): 1. Ingestion points: The skill processes user-provided React/Next.js code during reviews (as per the 'When to Apply' section). 2. Boundary markers: Absent. 3. Capability inventory: No executable code, subprocess calls, or network operations are present in the skill file. 4. Sanitization: Not applicable as there is no execution. While the skill ingests untrusted data, it lacks any dangerous capabilities that could be exploited.
Audit Metadata